package cn.han.jdbc;

import java.sql.*;
import java.util.Scanner;

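/**
 * JDBC demo: looks up rows in {@code users} by user name with a
 * {@link PreparedStatement}, the fix for the SQL-injection problem this
 * exercise illustrates.
 */
public class Test2 {
    public static void main(String[] args) throws Exception {
        method();
    }

    /**
     * Prompts for a user name and a password on standard input, queries
     * {@code users} for the given name and prints the {@code u_id} of every
     * matching row.
     *
     * <p>Steps: 1. register the driver, 2. open the connection, 3. create the
     * statement, 4. execute the SQL, 5. read the result set, 6. release the
     * resources.
     *
     * @throws Exception if the driver class cannot be loaded or a JDBC call fails
     */
    private static void method() throws Exception {
        // A single Scanner serves both prompts. Two Scanners on System.in each
        // buffer the stream, so the second can miss a line the first already
        // consumed when input is piped. It is deliberately not closed, because
        // closing it would close System.in as well.
        Scanner input = new Scanner(System.in);
        System.out.println("请输入用户名：");
        String userName = input.nextLine();
        System.out.println("请输入密码：");
        // NOTE(review): the password is read but never bound into the query, so a
        // row matches on user name alone. If this is meant as a login check, the
        // password condition has to be part of the WHERE clause (bound with a
        // second placeholder, never concatenated).
        String password = input.nextLine();

        // 1. Register the driver.
        Class.forName("com.mysql.jdbc.Driver");

        // SQL skeleton with a placeholder. The problem being demonstrated is SQL
        // injection: when input is concatenated into the statement text, a '#' in
        // the input comments out the conditions that follow and changes the
        // statement. A bound parameter is sent as data and cannot alter the SQL.
        String sql = "select * from users where uname = ? ";

        // NOTE(review): URL and root/root credentials are hard-coded; outside a
        // local exercise they belong in configuration, with a least-privilege account.
        // try-with-resources closes result set, statement and connection in
        // reverse order, also when a call throws (the original leaked them then).
        try (Connection c = DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/cgb2018",
                "root", "root");
             PreparedStatement statement = c.prepareStatement(sql)) {
            statement.setString(1, userName); // value for the first placeholder
            try (ResultSet r = statement.executeQuery()) {
                while (r.next()) {
                    System.out.println(r.getInt("u_id"));
                }
            }
        }
    }
}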
